Dockerfile
links
Supported tags and respective TBD
What is Shibboleth IdP?
Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source.
Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
How to use this image
Since no two users of Shibboleth IdP are likely to configure it exactly alike, this image does not come with any default configuration.
Acquire Oracle Java
You should visit a page similar to this one at Oracle to download the Oracle JDK.
Select the Linux x64 RPM and agree to the Oracle Binary Code License Agreement.
Acquire JCE
You should visit a page similar to this one at Oracle to download the Oracle Java Crypography Extension policy files.
Dockerfile
Create a FROM tier/shibboleth_idp:3.3
COPY jdk-8u121-linux-x64.rpm /tmp/oracle_jdk.rpm
COPY jce_policy-8.zip /tmp/$oracle_jce_zip
Common additional sample configurations may include:
COPY server.xml /usr/local/tomcat/conf/
COPY krb5.conf /etc/
Build the container
$ docker build -t my-shibboleth-idp .
Test the configuration file
CAN THIS BE DONE? [jvf]
$ docker run -it --rm --name shibboleth-idp-test-run my-shibboleth-idp /usr/local/tomcat/bin/startup.sh
Run using a bind mount to share secrets
$ docker run -d --name my-running-shibboleth-idp -v /path/to/shibboleth_idp/certs:/opt/certs my-shibboleth-idp
Note that your host's /path/to/shibboleth_idp/certs
folder should contain...
TBD.
You may need to publish the ports your Shibboleth IdP is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free.
Reloading config
TBD
N.B. that if every config file were on the bind mount, a REHUP of the container would work, but with the files scattered about the filesystem / unspecified....